Restricting access to management on Huawei S2326TP-EI

Here is an example of using ACLs to restrict Telnet, SSH and SNMP access on Huawei S2300 series switches.

Let’s create an ACL (Access Control List) listing the addresses that will be allowed to access the device via SNMP. The trailing 0 in each rule is the wildcard mask, so each rule matches exactly one host address:

acl number 2000
rule 5 permit source 10.0.0.1 0
rule 10 permit source 192.168.5.5 0
quit

Let’s add an SNMP community bound to this ACL (if SNMP communities without an ACL were added earlier, delete them):

snmp-agent community read ixnfo.com acl 2000
undo snmp-agent community ...

Let’s create an ACL in which we specify the addresses that will be allowed access to device management via Telnet and SSH:

acl 3999
rule permit ip source 10.0.0.1 0
rule permit ip source 10.0.100.100 0
quit

Let’s see the vty numbers that are configured on the device:

display current-configuration | include vty

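Let’s apply the ACL to the existing vty lines (first make sure the address you are connecting from is permitted by ACL 3999, otherwise new Telnet and SSH sessions from it will be refused):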

user-interface vty 0 4
acl 3999 inbound
quit

Let’s return to the user view and save the configuration:

quit
save

An example of viewing ACLs:

display acl all
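
To check a saved configuration for the two gaps this article closes (an SNMP community without an ACL, a vty range without an inbound ACL), the following is an added example and not part of the original article. The function name, the sample configuration and the assumption that sub-commands are indented by one space under their parent line are mine:

```python
import re

# Constructed sample in the style of `display current-configuration` (not from a real device).
SAMPLE_CONFIG = """\
acl number 2000
 rule 5 permit source 10.0.0.1 0
 rule 10 permit source 192.168.5.5 0
#
snmp-agent community read public
snmp-agent community read ixnfo.com acl 2000
snmp-agent community write rwtest acl 2001
#
user-interface con 0
user-interface vty 0 4
 acl 3999 inbound
user-interface vty 5 14
 protocol inbound ssh
#
"""

def audit_management_acls(config):
    """Return findings for SNMP communities and vty lines without a defined ACL."""
    defined = set(re.findall(r"^acl (?:number )?(\d+)", config, re.M))
    findings, vty_acl, current_vty = [], {}, None   # vty_acl: range -> ACL or None
    for line in config.splitlines():
        if line.startswith("user-interface vty "):
            current_vty = line.split("vty ", 1)[1].strip()
            vty_acl[current_vty] = None
        elif line.startswith(" ") and current_vty:
            m = re.match(r"\s+acl (\d+) inbound", line)
            if m:
                vty_acl[current_vty] = m.group(1)
        else:
            current_vty = None      # an unindented line closes the vty block
        m = re.match(r"snmp-agent community (read|write) (?:cipher )?(\S+)(.*)", line)
        if m:
            acl = re.search(r"\bacl (\d+)", m.group(3))
            if not acl:
                findings.append(f"snmp community {m.group(2)}: no ACL")
            elif acl.group(1) not in defined:
                findings.append(f"snmp community {m.group(2)}: ACL {acl.group(1)} not defined")
    for rng, acl in vty_acl.items():
        if acl is None:
            findings.append(f"vty {rng}: no inbound ACL")
        elif acl not in defined:
            findings.append(f"vty {rng}: ACL {acl} not defined")
    return findings
```

On the constructed sample it reports the community without an ACL, the community and the vty range that reference ACLs missing from the configuration, and the vty range 5 14 that has no inbound ACL at all.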

See also my article:
Configuring Huawei Quidway S2326TP-EI
